One-command setup for a complete local Kubernetes development environment with trusted TLS certificates and a comprehensive monitoring stack.
Stop fighting certificates, start building amazing things! ✨
No more `curl -k`, no more certificate warnings - just pure local development bliss.
- Wildcard certificates for `*.kubernetes.docker.internal`
- Green lock in browsers - no security warnings
- macOS keychain integration - system-wide trust
- Works with any subdomain you create
- Prometheus - Metrics collection with 30-day retention
- Grafana - Beautiful dashboards with pre-built Kubernetes monitoring
- Jaeger - Distributed tracing for microservices
- AlertManager - Intelligent alerting and notifications
- One-command setup - From zero to production-ready in 2 minutes
- Automatic cleanup - Complete removal when you're done
- Example applications - Multi-service architectures ready to deploy
- Recovery tools - Handle conflicts and stuck resources
```bash
# Required tools (install via Homebrew)
brew install helm kubectl

# Required environment:
#   macOS (Intel or Apple Silicon)
#   Docker Desktop with Kubernetes enabled
#   Admin privileges for certificate installation
```

```bash
# Clone and setup everything
git clone https://github.com/YOUR_USERNAME/macmagik-docker-k8s-bootstrap.git
cd macmagik-docker-k8s-bootstrap
chmod +x *.sh scripts/*.sh
./setup-ingress.sh
```

That's it! In under 2 minutes you'll have:
- NGINX Ingress Controller with trusted certificates
- Complete monitoring stack (Prometheus, Grafana, Jaeger)
- Example applications ready to use
- All URLs accessible with green lock

```bash
# Run comprehensive verification (recommended)
./verify-setup.sh
```

This verification script tests all 14 components:
- Core Infrastructure (4 tests): Ingress controller, certificates, DNS resolution
- Monitoring Stack (7 tests): Prometheus, Grafana, AlertManager accessibility
- Distributed Tracing (3 tests): Jaeger components and health checks
| Service | URL | Purpose | Credentials |
|---|---|---|---|
| Echo Test App | https://echo.kubernetes.docker.internal/ | Test ingress setup | None |
| Any Subdomain | https://[anything].kubernetes.docker.internal/ | Test custom services | None |

| Service | URL | Purpose | Credentials |
|---|---|---|---|
| Prometheus | https://prometheus.kubernetes.docker.internal/ | Metrics collection & queries | None |
| Grafana | https://grafana.kubernetes.docker.internal/ | Dashboards & visualization | admin / admin123 |
| AlertManager | https://alertmanager.kubernetes.docker.internal/ | Alert management | None |
| Jaeger | https://jaeger.kubernetes.docker.internal/ | Distributed tracing | None |

| Application | URL | Purpose | Features |
|---|---|---|---|
| Multi-Service Demo | https://frontend.kubernetes.docker.internal/ | Microservices architecture | Frontend, API, Admin panels |
| SPA Application | https://spa.kubernetes.docker.internal/ | Single Page App | Client-side routing |
| Monitoring Dashboard | https://monitoring.kubernetes.docker.internal/ | Unified monitoring | Real-time metrics |
```bash
# Deploy complete multi-service architecture
kubectl apply -f examples/multi-service/
# Access at: https://frontend.kubernetes.docker.internal/
#            https://api.kubernetes.docker.internal/
#            https://admin.kubernetes.docker.internal/

# Deploy single-page application
kubectl apply -f examples/spa-application/
# Access at: https://spa.kubernetes.docker.internal/

# Deploy monitoring dashboard
kubectl apply -f examples/monitoring-dashboard/
# Access at: https://monitoring.kubernetes.docker.internal/
```

- Create your application deployment:
```yaml
# my-app.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: nginx:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-app
spec:
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 80
```

- Create ingress with trusted TLS:
```yaml
# my-app-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - my-app.kubernetes.docker.internal
      secretName: default-tls  # Reuse the wildcard certificate!
  rules:
    - host: my-app.kubernetes.docker.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
```

- Deploy and access:
```bash
# Deploy your application
kubectl apply -f my-app.yaml -f my-app-ingress.yaml
# Add to hosts file (automatic if using setup script)
echo "127.0.0.1 my-app.kubernetes.docker.internal" | sudo tee -a /etc/hosts
# Access with trusted certificate!
open https://my-app.kubernetes.docker.internal/
```

```bash
# Access Prometheus UI
open https://prometheus.kubernetes.docker.internal/
# Example queries to try:
# - Container CPU usage: rate(container_cpu_usage_seconds_total[5m])
# - Memory usage: container_memory_usage_bytes
# - Pod status: kube_pod_status_phase
```

```bash
# Access Grafana (admin/admin123)
open https://grafana.kubernetes.docker.internal/
# Pre-installed dashboards:
# - Kubernetes / Compute Resources / Cluster
# - Kubernetes / Compute Resources / Namespace
# - Node Exporter / Nodes
```

```bash
# Access Jaeger UI
open https://jaeger.kubernetes.docker.internal/
# Send traces to Jaeger from your applications:
# HTTP endpoint: http://jaeger-prod-collector.observability.svc.cluster.local:14268/api/traces
# Agent endpoint: jaeger-prod-agent.observability.svc.cluster.local:6831
```

```bash
# Remove everything (certificates, services, monitoring)
./cleanup-ingress.sh
```

```bash
# If setup fails with conflicts or "object modified" errors
./recovery.sh
# Then retry setup
./setup-ingress.sh
```

```bash
# Remove only monitoring stack
helm uninstall prometheus -n monitoring
kubectl delete namespace monitoring observability
# Remove only example applications
kubectl delete -f examples/multi-service/
kubectl delete -f examples/spa-application/
# Remove specific ingress
kubectl delete ingress my-app-ingress
```

💡 Quick Diagnosis: Run `./verify-setup.sh` first to identify issues automatically.
Problem: Certificate not trusted in browser

```bash
# Check if certificate exists in keychain
security find-certificate -c "*.kubernetes.docker.internal" /Library/Keychains/System.keychain
# Re-add certificate manually
kubectl get secret default-tls -n ingress-nginx -o jsonpath='{.data.tls\.crt}' | base64 -d > temp-cert.crt
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain temp-cert.crt
rm temp-cert.crt
```

Problem: Service not accessible

```bash
# Check ingress controller status
kubectl get pods -n ingress-nginx
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx
# Check your service and ingress
kubectl get svc,ingress -A
kubectl describe ingress my-app-ingress
# Check DNS resolution
grep kubernetes.docker.internal /etc/hosts
nslookup my-app.kubernetes.docker.internal
```

Problem: Monitoring services not responding

```bash
# Check monitoring pods (one command per namespace; a repeated -n keeps only the last value)
kubectl get pods -n monitoring
kubectl get pods -n observability
# Check specific service logs
kubectl logs -n monitoring prometheus-grafana-xxx
kubectl logs -n observability jaeger-prod-xxx
# Restart monitoring stack
helm upgrade prometheus prometheus-community/kube-prometheus-stack -n monitoring
```

Problem: "Object has been modified" or "AlreadyExists" errors

```bash
# Use recovery script (handles most conflicts)
./recovery.sh
# Manual cleanup for persistent issues
kubectl patch pv pv-name -p '{"metadata":{"finalizers":null}}'
kubectl delete namespace stuck-namespace --grace-period=0 --force
```

For more detailed troubleshooting, see TROUBLESHOOTING.md.
```text
Browser Request (https://app.kubernetes.docker.internal)
        ↓
macOS /etc/hosts (127.0.0.1)
        ↓
Docker Desktop (localhost:443)
        ↓
NGINX Ingress Controller (hostPort)
        ↓
Kubernetes Service
        ↓
Pod (your application)
```
```text
Root CA (kubernetes-ca.crt)
        ↓
Wildcard Certificate (*.kubernetes.docker.internal)
        ↓
macOS Keychain (system-wide trust)
        ↓
Kubernetes TLS Secret (default-tls)
        ↓
Ingress TLS Termination
```
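A root CA trusted system-wide can vouch for any hostname, so its private key is as sensitive as that trust. The following is an added example (not the project's setup script) that builds a root CA restricted by an X.509 name constraint to `kubernetes.docker.internal` and checks with `openssl verify` that a wildcard leaf inside the subtree validates while a leaf outside it does not. File names, subjects, the 30-day lifetime and the out-of-scope hostname are assumptions.

```shell
#!/bin/sh
# Added example: a local root CA limited to kubernetes.docker.internal.
# File names, subjects and the 30-day lifetime are assumptions.

make_constrained_ca() {   # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Local Dev Root CA (constructed)
[v3_ca]
basicConstraints     = critical,CA:TRUE,pathlen:0
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
# Leaves outside this DNS subtree fail chain validation.
nameConstraints      = critical,permitted;DNS:kubernetes.docker.internal
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_leaf() {            # $1 = directory, $2 = file stem, $3 = DNS name
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$3" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

chain_ok() {              # $1 = directory, $2 = file stem; true if the chain validates
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" 2>/dev/null | grep -q ': OK$'
}

# Run with the argument "demo" to see both outcomes.
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d)
  make_constrained_ca "$d"
  issue_leaf "$d" wildcard '*.kubernetes.docker.internal'
  issue_leaf "$d" outside 'login.example.com'   # constructed out-of-scope name
  chain_ok "$d" wildcard && echo "wildcard leaf: accepted"
  chain_ok "$d" outside  || echo "out-of-scope leaf: rejected"
  rm -rf "$d"
fi
```

Clients differ in whether they apply name constraints carried by a trust anchor, so confirm the behaviour of the browsers and tools you rely on.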
```text
Applications → Prometheus (metrics) → Grafana (dashboards)
        ↓
Applications → Jaeger Agent → Jaeger Collector → Jaeger Query → Jaeger UI
        ↓
Prometheus → AlertManager (alerts) → Notifications
```
```text
macmagik-docker-k8s-bootstrap/
├── setup-ingress.sh              # Main setup script
├── cleanup-ingress.sh            # Complete cleanup
├── recovery.sh                   # Resource conflict recovery
├── verify-setup.sh               # Comprehensive verification
├── scripts/
│   ├── install-prometheus.sh     # Monitoring stack
│   └── install-jaeger.sh         # Distributed tracing
├── examples/
│   ├── multi-service/            # Microservices demo
│   ├── spa-application/          # Single-page app
│   ├── monitoring-dashboard/     # Unified monitoring
│   └── README.md                 # Examples documentation
├── CONTRIBUTING.md               # Contribution guidelines
├── TROUBLESHOOTING.md            # Common issues & solutions
├── LICENSE                       # MIT license
└── README.md                     # This file
```
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
Quick workflow:
- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Test your changes: `./cleanup-ingress.sh && ./setup-ingress.sh && ./verify-setup.sh`
- Commit your changes: `git commit -m 'Add amazing feature'`
- Push to the branch: `git push origin feature/amazing-feature`
- Open a Pull Request
```bash
# Test the complete flow
./cleanup-ingress.sh   # Clean slate
./setup-ingress.sh     # Full setup
./verify-setup.sh      # Verify everything works
# Test example applications
kubectl apply -f examples/multi-service/
curl -k https://frontend.kubernetes.docker.internal/
# Cleanup after testing
./cleanup-ingress.sh
```

MIT License - see LICENSE for details.
- Docker Desktop team for making Kubernetes accessible on macOS
- NGINX Ingress Controller maintainers for excellent Docker Desktop support
- Prometheus Operator team for simplified monitoring setup
- Jaeger team for outstanding distributed tracing
- Kubernetes community for incredible documentation and support
If this project saved you time and frustration, please consider giving it a star!
Made with ❤️ for developers who are tired of fighting local Kubernetes certificates
Stop configuring, start building!